Adobe Commerce and Magento Open Source Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored Cross-Site Scripting (XSS) vulnerability has been identified in Adobe Commerce and Magento Open Source. Affected versions include 2.4.9-alpha3 and earlier, as well as several other version ranges. The vulnerability allows a high-privileged attacker to inject malicious scripts into form fields; because the input is stored, the script is executed whenever a victim later interacts with the page that renders the compromised field.

Impact

Exploitation of this vulnerability results in stored Cross-Site Scripting: the injected script runs in the browser of the user viewing the affected page, in the security context of that user's session.

Remediation

Users are advised to update to Adobe Commerce 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, or 2.4.4-p17. For Magento Open Source users, the recommended versions are the same as for Adobe Commerce. Instructions for updating can be found in the release notes for each version.

Added: Mar 11, 2026, 3:25 AM
Updated: Mar 11, 2026, 3:25 AM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 1.7
exploitability: 4.7
remediation: 7.7
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to produce these 8 key vulnerability categories, which are then combined into the overall risk score.